colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/envoy: add option requireValidConfig to make config validation errors non-fatal

Browse Source 
Co-authored-by: Vincent Haupert <vincent@yaxi.tech>
This commit is contained in:
Andreas Stührk 2023-02-09 12:19:58 +01:00 committed by pennae
parent 84220a7098
commit 8dade1f713
2 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
nixos/modules/services/networking/envoy.nix
View File

@ -6,12 +6,11 @@ let
cfg = config.services.envoy; cfg = config.services.envoy;
format = pkgs.formats.json { }; format = pkgs.formats.json { };
conf = format.generate "envoy.json" cfg.settings; conf = format.generate "envoy.json" cfg.settings;
validateConfig = file: validateConfig = required: file:
pkgs.runCommand "validate-envoy-conf" { } '' pkgs.runCommand "validate-envoy-conf" { } ''
${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}" ${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}" ${lib.optionalString (!required) "|| true"}
cp "${file}" "$out" cp "${file}" "$out"
''; '';
in in
{ {
@ -20,6 +19,16 @@ in
package = mkPackageOptionMD pkgs "envoy" { }; package = mkPackageOptionMD pkgs "envoy" { };
requireValidConfig = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether a failure during config validation at build time is fatal.
When the config can't be checked during build time, for example when it includes
other files, disable this option.
'';
};
settings = mkOption { settings = mkOption {
type = format.type; type = format.type;
default = { }; default = { };
@ -55,7 +64,7 @@ in
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig conf}"; ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig cfg.requireValidConfig conf}";
CacheDirectory = [ "envoy" ]; CacheDirectory = [ "envoy" ];
LogsDirectory = [ "envoy" ]; LogsDirectory = [ "envoy" ];
Restart = "no"; Restart = "no";

33
nixos/tests/envoy.nix
View File

@ -22,12 +22,33 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
clusters = []; clusters = [];
}; };
}; };
specialisation = {
withoutConfigValidation.configuration = { ... }: {
services.envoy = {
requireValidConfig = false;
settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log";
};
};
};
}; };
testScript = '' testScript = { nodes, ... }:
machine.start() let
machine.wait_for_unit("envoy.service") specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
machine.wait_for_open_port(80) in
machine.wait_until_succeeds("curl -fsS localhost:80/ready") ''
''; machine.start()
with subtest("envoy.service starts and responds with ready"):
machine.wait_for_unit("envoy.service")
machine.wait_for_open_port(80)
machine.wait_until_succeeds("curl -fsS localhost:80/ready")
with subtest("envoy.service works with config path not available at eval time"):
machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test')
machine.wait_for_unit("envoy.service")
machine.wait_for_open_port(80)
machine.wait_until_succeeds("curl -fsS localhost:80/ready")
machine.succeed('test -f /var/log/envoy/access.log')
'';
}) })